6867 matches found
Symantec Security Advisory for Log4j Vulnerability
Summary Symantec products may be susceptible to a flaw in the Apache Log4j 2 library JNDI lookup mechanism. A remote attacker, who can trigger Log4j to log crafted malicious strings, can execute arbitrary code on the target system. Affected Products The following products and product versions are...
Authentication Bypass in ASG and ProxySG
Summary The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...
Symantec Security Update
Symantec Endpoint Protection, Data Center Security and Cloud Workload Protection Security Update Summary Symantec - A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection Manager SEPM, Symantec Endpoint Protection SEP, Data Center...
OS Command Injection in Security Analytics
Summary The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges. Affected Products The following...
OpenSSL Vulnerabilities Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to two vulnerabilities. A remote attacker may be able to cause denial of service through application crashes. An application may successfully validate an invalid X.509 certificate...
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source...
OpenSSL Vulnerabilities Sep 2020 - Feb 2021
Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A remote attacker may be able to decrypt encrypted communication from an SSL/TLS connection, downgrade a newly established SSL/TLS connection to SSLv2,...
Linux Kernel CVE-2019-5108 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Linux kernel 5.3 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11...
Privilege Escalation and Information Disclosure Vulnerabilities in SMG
Summary Symantec Messaging Gateway SMG is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwi...
Symantec Endpoint Detection & Response Security Update
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Products Symantec Endpoint Detection & Response SEDR --- CVE | Affected Version | Remediation CVE-2020-12593 | Prior to 4.5...
SEDR Information Disclosure
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Product Symantec Endpoint Detection and Response SEDR --- CVE | Affected Versions | Remediation CVE-2020-5839 | Prior to 4....
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
Summary Symantec Web Security Group WSG products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perfo...
OpenSSL Vulnerabilities Sep 2019 – Apr 2020
Summary Symantec Web Security Group WSG products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A local or remote attacker can obtain private key or other secret key information. A remote attacker can also cause denial of service. Affected Products The followin...
IT Analytics XSS
Summary Symantec has released an update to address an issue that was discovered in the IT Analytics product. Affected Products IT Analytics --- CVE | Affected Versions | Remediation CVE-2020-5838 | Prior to 2.9.1 | Upgrade to 2.9.1 Issue Details CVE-2020-5838 --- Severity/CVSSv3: | Medium / 4.3...
Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020
Summary Symantec SWG products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker can execute arbitrary code on the target host, hijack an authenticated Tomcat user's session, redirect a Tomcat user to an arbitrary URL, execute arbitrary...
Symantec Endpoint Protection Security Update
Summary Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP and Symantec Endpoint Protection Manager SEPM products. Affected Products Symantec Endpoint Protection Manager SEPM --- CVE | Affected Versions | Remediatio...
Nginx Vulnerabilities Jul 2017 - Oct 2019
Summary Symantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service ...
OpenSSH Vulnerabilities Jan-Oct 2019
Summary Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle MITM attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes...
Session Hijacking Vulnerability in ProxySG and ASG
Summary The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Affected Products Advanced Secure...
CSRF Token Information Disclosure in MC
Summary The Management Center MC web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...
Data Center Security Privilege Escalation
Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...
Symantec Endpoint Protection Multiple Issues
Summary Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP, Symantec Endpoint Protection Manager SEPM, and Symantec Endpoint Protection Small Business Edition SEP SBE products. At this time, Symantec is not aware of any exploitations or...
Microsoft Dynamics 365 CVE-2020-0656 Cross Site Scripting Vulnerability
Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Oracle Banking Corporate Lending cpujan2020 Multiple Security Vulnerabilities
Description Oracle Banking Corporate Lending is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Core module' component is affected. These vulnerabilities affect the following supported versions: 12.3.0 through 12.4.0, 14.0.0 throug...
SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability
Description SAP NetWeaver Process Integration is prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Oracle GraalVM Enterprise Edition CVE-2020-2581 Local Security Vulnerability
Description Oracle GraalVM Enterprise Edition is prone to a local security vulnerability. The 'LLVM Interpreter' component is affected. This vulnerability affects the following supported versions: 19.3.0.2 Technologies Affected Oracle GraalVM Enterprise Edition 19.3.0.2 Recommendations Block...
Oracle Java SE/Java SE Embedded/GraalVM CVE-2020-2604 Remote Security Vulnerability
Description Oracle Java SE/Java SE Embedded/GraalVM are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Serialization' component. This vulnerability affects the following supported versions: Java SE: 7u241, 8u231, 11.0....
Microsoft Excel CVE-2020-0650 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Oracle WebLogic Server CVE-2020-2550 Local Security Vulnerability
Description Oracle WebLogic Server is prone to a local security vulnerability. The 'WLS Core Components' component is affected. This vulnerability affects the following supported versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 Technologies Affected Oracle Weblogic Server 10.3.6.0.0 Oracl...
Oracle Coherence CVE-2020-2555 Multiple Remote Security Vulnerabilities
Description Oracle Coherence is prone to multiple remote security vulnerabilities. The vulnerability can be exploited over the 'T3' protocol. The 'Caching', 'CacheStore' and 'Invocation' components are affected. This vulnerability affects the following supported versions: 12.1.3.0.0, 12.2.1.3.0 a...
Microsoft Windows CVE-2020-0621 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Windows 10 Version 1709 for...
Oracle Siebel CRM CVE-2020-2559 Remote Security Vulnerability
Description Oracle Siebel CRM is prone to a remote security vulnerability. This vulnerability affects the 'UIF Open UI' component and can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 19.7 and prior Technologies Affected Oracle Siebel UI...
Microsoft Windows Win32k CVE-2020-0642 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Search Indexer CVE-2020-0629 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft OneDrive for Android CVE-2020-0654 Security Bypass Vulnerability
Description Microsoft OneDrive for Android is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. Technologies Affected Microsoft OneDrive Recommendations...
Oracle E-Business Suite CVE-2020-2591 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in 'Oracle Web Applications Desktop Integrator' product. This vulnerability can be exploited over the 'HTTP' protocol. The 'Application Service' component is affected. This vulnerability affects the following supporte...
Oracle iLearning CVE-2020-2709 Remote Security Vulnerability
Description Oracle iLearning is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Learner Pages' component is affected. This vulnerability affects the following supported versions: 6.1 Technologies Affected Oracle iLearning 6.1...
Oracle Siebel CRM Cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Siebel CRM is prone to multiple remote security vulnerabilities. These vulnerabilities affect the 'EAI' and 'SWSE Server' components and can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 19.10 and prior Technologies Affect...
Adobe Experience Manager CVE-2019-16469 Information Disclosure Vulnerability
Description Adobe Experience Manager is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Adobe Experience Manager 6.5 is vulnerable. Technologies Affected Adobe Experience Manager 6.5...
Microsoft Windows Hyper-V CVE-2020-0617 Denial of Service Vulnerability
Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...
Oracle Database Server CVE-2020-2568 Local Security Vulnerability
Description Oracle Database Server is prone to a local security vulnerability that exists in Oracle Applications DBA. The vulnerability can be exploited over the 'Local Logon' protocol. For an exploit to succeed, the attacker must have 'Local Logon' privilege. This vulnerability affects the...
Microsoft Windows Remote Desktop Client CVE-2020-0611 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...
Microsoft Windows Remote Desktop Protocol CVE-2020-0610 Remote Code Execution Vulnerability
Description Microsoft Windows Remote Desktop Protocol is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies...
Microsoft Windows Remote Desktop Web Access CVE-2020-0637 Information Disclosure Vulnerability
Description Microsoft Windows Remote Desktop Web Access is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows Server 2008 R2 for x64-based Systems SP1...
Microsoft Office CVE-2020-0652 Memory Corruption Vulnerability
Description Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'HTTPS' protocol. The 'Message Display', 'Shopping Cart', 'Others', 'Call Phone Number Page', 'Wireless' components are affected. These vulnerabilities affect the followi...
Oracle Enterprise Manager Base Platform cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Enterprise Manager Base Platform is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over HTTP protocol. The 'Enterprise Config Management', 'Application Service Level Mgmt, 'Cloud Control Manager - OMS', 'Configuration Standard...
Adobe Experience Manager APSB20-01 Multiple Cross Site Scripting Vulnerabilities
Description Adobe Experience Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Oracle Business Intelligence Enterprise Edition Multiple Remote Security Vulnerabilities
Description Oracle Business Intelligence Enterprise Edition is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Analytics Actions', 'BI Platform Security' and 'Analytics Server' components are affected. These vulnerabilities...
SAP Leasing CVE-2020-6306 Remote Authorization Bypass Vulnerability
Description SAP Leasing is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected SAP Leasing 6.0 SAP Leasing 6.02 SAP Leasing 6.0...